PT-2024-12678 · IBM · IBM Aspera Shares

Published: 2024-08-09 · Updated: 2024-11-08 · CVE-2023-38018

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: IBM Aspera Shares version 1.10.0 PL2

Description: The issue arises from the software's failure to invalidate a session after a password change, which could allow an authenticated user to impersonate another user on the system. This flaw in session handling could let an attacker impersonate any user within the system, posing a substantial security risk.

Recommendations: For IBM Aspera Shares version 1.10.0 PL2, consider disabling the user session handling feature until a patch is available. Restrict access to sensitive areas of the system to minimize the risk of exploitation. As a temporary workaround, limit the ability of authenticated users to interact with other user accounts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
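The flaw described above, modelled as an added example (not Aspera Shares code): a toy session store whose `invalidate_on_password_change` flag switches between the vulnerable behaviour (sessions issued before a password change keep working) and the hardened one (each session is bound to the password version it was issued under, so the change expires every earlier session and re-issues the caller's). All names, the password-version scheme and the sample accounts are assumptions for illustration.

```python
import hashlib
import hmac
import os
import secrets

def _hash(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SessionStore:  # constructed toy session store for this example, not Aspera Shares code
    def __init__(self, invalidate_on_password_change: bool):
        self.invalidate_on_password_change = invalidate_on_password_change
        self.users = {}     # username -> {"salt", "hash", "pw_version"}
        self.sessions = {}  # session id -> {"user", "pw_version"}
    def register(self, user, password):
        salt = os.urandom(16)
        self.users[user] = {"salt": salt, "hash": _hash(salt, password), "pw_version": 0}
    def _verify(self, user, password):
        rec = self.users.get(user)
        return rec is not None and hmac.compare_digest(rec["hash"], _hash(rec["salt"], password))
    def login(self, user, password):
        if not self._verify(user, password):
            return None
        sid = secrets.token_urlsafe(32)
        # The session records the password version it was issued under.
        self.sessions[sid] = {"user": user, "pw_version": self.users[user]["pw_version"]}
        return sid
    def current_user(self, sid):
        sess = self.sessions.get(sid)
        # A session issued under an older password version no longer resolves to a user.
        if sess and sess["pw_version"] == self.users[sess["user"]]["pw_version"]:
            return sess["user"]
        return None
    def change_password(self, sid, old, new):
        user = self.current_user(sid)
        if user is None or not self._verify(user, old):
            return None
        rec, salt = self.users[user], os.urandom(16)
        rec["salt"], rec["hash"] = salt, _hash(salt, new)
        if not self.invalidate_on_password_change:
            return sid  # vulnerable: every existing session for this user stays valid
        rec["pw_version"] += 1  # hardened: all sessions issued before the change now fail,
        return self.login(user, new)  # and the caller continues under a freshly issued id

def stale_session_still_valid(hardened: bool) -> bool:
    store = SessionStore(invalidate_on_password_change=hardened)
    store.register("victim", "old-pass")
    stale = store.login("victim", "old-pass")  # session obtained before the change
    own = store.login("victim", "old-pass")    # the session that performs the change
    assert store.change_password(own, "old-pass", "new-pass") is not None
    return store.current_user(stale) == "victim"
```

With the flag off, `stale_session_still_valid(False)` returns True, which is exactly the condition the advisory describes; with it on, the pre-change session is rejected and only the freshly issued id works.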

Weakness Enumeration: Session Fixation

Related Identifiers: CVE-2023-38018

Affected Products: IBM Aspera Shares